Commit d4504fe5 authored by Matt Caswell's avatar Matt Caswell
Browse files

Fix early_data with an HRR 



early_data is not allowed after an HRR. We failed to handle that
correctly.

Reviewed-by: default avatarBen Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/3933)
parent 1e3f62a3

ssl/statem/extensions_srvr.c

+5 −0
Original line number Diff line number Diff line
@@ -678,6 +678,11 @@ int tls_parse_ctos_early_data(SSL *s, PACKET *pkt, unsigned int context, 
        return 0;

    }



    if (s->hello_retry_request) {

        *al = SSL_AD_ILLEGAL_PARAMETER;

        return 0;

    }



    return 1;

}

ssl/statem/statem.c

+2 −7
Original line number Diff line number Diff line
@@ -157,13 +157,8 @@ int ossl_statem_skip_early_data(SSL *s) 
    if (s->ext.early_data != SSL_EARLY_DATA_REJECTED)

        return 0;



    if (s->hello_retry_request) {

        if (s->statem.hand_state != TLS_ST_SW_HELLO_RETRY_REQUEST)

            return 0;

    } else {

    if (!s->server || s->statem.hand_state != TLS_ST_EARLY_DATA)

        return 0;

    }



    return 1;

}

ssl/statem/statem_clnt.c

+7 −0
Original line number Diff line number Diff line
@@ -1571,6 +1571,13 @@ static MSG_PROCESS_RETURN tls_process_hello_retry_request(SSL *s, PACKET *pkt) 


    s->hello_retry_request = 1;



    /*

     * If we were sending early_data then the enc_write_ctx is now invalid and

     * should not be used.

     */

    EVP_CIPHER_CTX_free(s->enc_write_ctx);

    s->enc_write_ctx = NULL;



    /* This will fail if it doesn't choose TLSv1.3+ */

    errorcode = ssl_choose_client_version(s, sversion, 0, &al);

    if (errorcode != 0) {

ssl/statem/statem_srvr.c

+9 −9
Original line number Diff line number Diff line
@@ -48,15 +48,14 @@ static int ossl_statem_server13_read_transition(SSL *s, int mt) 
    default:

        break;



    case TLS_ST_SW_HELLO_RETRY_REQUEST:

    case TLS_ST_EARLY_DATA:

        if (s->hello_retry_request) {

            if (mt == SSL3_MT_CLIENT_HELLO) {

                st->hand_state = TLS_ST_SR_CLNT_HELLO;

                return 1;

            }

            break;



    case TLS_ST_EARLY_DATA:

        if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {

        } else if (s->ext.early_data == SSL_EARLY_DATA_ACCEPTED) {

            if (mt == SSL3_MT_END_OF_EARLY_DATA) {

                st->hand_state = TLS_ST_SR_END_OF_EARLY_DATA;

                return 1;
@@ -397,7 +396,8 @@ static WRITE_TRAN ossl_statem_server13_write_transition(SSL *s) 
        return WRITE_TRAN_CONTINUE;



    case TLS_ST_SW_HELLO_RETRY_REQUEST:

        return WRITE_TRAN_FINISHED;

        st->hand_state = TLS_ST_EARLY_DATA;

        return WRITE_TRAN_CONTINUE;



    case TLS_ST_SW_SRVR_HELLO:

        st->hand_state = TLS_ST_SW_ENCRYPTED_EXTENSIONS;